Re: [Samba] sysvolreset failing on glusterfs

2013-03-06 Thread Gerry Reno 
Do you have extended attributes enabled on your glusterfs filesystem?

Out of curiosity, what version of glusterfs are you seeing this problem?



On 03/06/2013 04:21 PM, Andreas Gaiser wrote:
> thanks for your answer.
>
> I don't think it's a permission issue, as the script is invoked as root
> and I don't think it's changing its uid.
>
> I've had a look into the code and what I see is, it's somewhat selective
> about the method to set ACLs depending on the filesystem AFAIR. The
> stack trace only shows the python part. The actual error results from C
> code. Setting ACLs using a windows client seems to work.
>
> Furthermore, if I'm mounting the glusterfs volume, in the mount list,
> the acl option is not shown.
>
> I think somewhere a decision about the availabilty of ACLs is going wrong.
>
> Very funny, at one occasion it did work, though complaining after
> minutes of activity, and ACLs were present after that (can't tell if
> they're correct). But this part is not well reproducable. In fact there
> is no reasonable way to do a sysvolreset at the moment, lengthening my
> list of issues.
>
> Andreas
>
> On 06.03.13 17:44, Mr J Potter wrote:
>> Hi,
>> I had similar problems with gluster. I set up a gluster sysvol first
>> then tried provisioning and it failed with the same error. So it maybe
>> to do with permissions on the sysvol folder itself?
>>
>> It worked if I set up dc and bdc each with local sysvols then moved them
>> onto gluster.
>>
>> Jim
>>
>> On Mar 3, 2013 5:32 PM, "Andreas Gaiser/L" > > wrote:
>>> Hi,
>>>
>>>
>>> I'm trying to setup a domain with two DCs based on 4.0.3. Following some
>>> hint, I wanna use glusterfs for the sysvol. Glusterfs it runs nicely. I
>>> can set acls on both machines using setfacl and the other one lists them
>>> almost immediately with getfacl.
>>>
>>> But running "samba-tool ntacl sysvolreset is failing badly giving the
>>> following error.
>>>
>>> In a later attempt, without significant changes I remember, the script
>>> more or less seemed to work and created indeed ACEs, but still came up
>>> with this error after some minutes.
>>>
>>> root@dc1:~# samba-tool ntacl sysvolreset
>>> set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_NOT_SUPPORTED.
>>> ERROR(runtime): uncaught exception - (-1073741637,
>>> 'NT_STATUS_NOT_SUPPORTED')
>>>   File
>>> "/opt/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line
>>> 175, in _run
>>> return self.run(*args, **kwargs)
>>>   File "/opt/samba/lib/python2.6/site-packages/samba/netcmd/ntacl.py",
>>> line 214, in run
>>> lp, use_ntvfs=use_ntvfs)
>>>   File
>>> "/opt/samba/lib/python2.6/site-packages/samba/provision/__init__.py",
>>> line 1563, in setsysvolacl
>>> setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs,
>>> skip_invalid_chown=True, passdb=s4_passdb)
>>>   File "/opt/samba/lib/python2.6/site-packages/samba/ntacls.py", line
>>> 154, in setntacl
>>> smbd.set_nt_acl(file, security.SECINFO_OWNER |
>>> security.SECINFO_GROUP | security.SECINFO_DACL |
>> security.SECINFO_SACL, sd)
>>> Running mount is showing the target fs without ACLs, although they do
>>> work, as said before, and although I do have mounted the fs using -o
>>> acl,rw. The underlying ext3 fs is of cause running with acls enabled,
>>> too. This is what mount looks like for the involved fs's:
>>>
>>> fusectl on /sys/fs/fuse/connections type fusectl (rw)
>>> /dev/xvda3 on /var/glusterfs/brick1 type ext3 (rw,acl,user_xattr)
>>> localhost:/dc-vol on /export/dc-vol type fuse.glusterfs
>>> (rw,allow_other,max_read=131072)
>>>
>>>
>>> Andreas
>>> --
>>> Andreas Gaiser, Berlin, Germany
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] sysvolreset failing on glusterfs

2013-03-06 Thread Andreas Gaiser 
thanks for your answer.

I don't think it's a permission issue, as the script is invoked as root
and I don't think it's changing its uid.

I've had a look into the code and what I see is, it's somewhat selective
about the method to set ACLs depending on the filesystem AFAIR. The
stack trace only shows the python part. The actual error results from C
code. Setting ACLs using a windows client seems to work.

Furthermore, if I'm mounting the glusterfs volume, in the mount list,
the acl option is not shown.

I think somewhere a decision about the availabilty of ACLs is going wrong.

Very funny, at one occasion it did work, though complaining after
minutes of activity, and ACLs were present after that (can't tell if
they're correct). But this part is not well reproducable. In fact there
is no reasonable way to do a sysvolreset at the moment, lengthening my
list of issues.

Andreas

On 06.03.13 17:44, Mr J Potter wrote:
> Hi,
> I had similar problems with gluster. I set up a gluster sysvol first
> then tried provisioning and it failed with the same error. So it maybe
> to do with permissions on the sysvol folder itself?
> 
> It worked if I set up dc and bdc each with local sysvols then moved them
> onto gluster.
> 
> Jim
> 
> On Mar 3, 2013 5:32 PM, "Andreas Gaiser/L"  > wrote:
>>
>> Hi,
>>
>>
>> I'm trying to setup a domain with two DCs based on 4.0.3. Following some
>> hint, I wanna use glusterfs for the sysvol. Glusterfs it runs nicely. I
>> can set acls on both machines using setfacl and the other one lists them
>> almost immediately with getfacl.
>>
>> But running "samba-tool ntacl sysvolreset is failing badly giving the
>> following error.
>>
>> In a later attempt, without significant changes I remember, the script
>> more or less seemed to work and created indeed ACEs, but still came up
>> with this error after some minutes.
>>
>> root@dc1:~# samba-tool ntacl sysvolreset
>> set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_NOT_SUPPORTED.
>> ERROR(runtime): uncaught exception - (-1073741637,
>> 'NT_STATUS_NOT_SUPPORTED')
>>   File
>> "/opt/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line
>> 175, in _run
>> return self.run(*args, **kwargs)
>>   File "/opt/samba/lib/python2.6/site-packages/samba/netcmd/ntacl.py",
>> line 214, in run
>> lp, use_ntvfs=use_ntvfs)
>>   File
>> "/opt/samba/lib/python2.6/site-packages/samba/provision/__init__.py",
>> line 1563, in setsysvolacl
>> setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs,
>> skip_invalid_chown=True, passdb=s4_passdb)
>>   File "/opt/samba/lib/python2.6/site-packages/samba/ntacls.py", line
>> 154, in setntacl
>> smbd.set_nt_acl(file, security.SECINFO_OWNER |
>> security.SECINFO_GROUP | security.SECINFO_DACL |
> security.SECINFO_SACL, sd)
>>
>> Running mount is showing the target fs without ACLs, although they do
>> work, as said before, and although I do have mounted the fs using -o
>> acl,rw. The underlying ext3 fs is of cause running with acls enabled,
>> too. This is what mount looks like for the involved fs's:
>>
>> fusectl on /sys/fs/fuse/connections type fusectl (rw)
>> /dev/xvda3 on /var/glusterfs/brick1 type ext3 (rw,acl,user_xattr)
>> localhost:/dc-vol on /export/dc-vol type fuse.glusterfs
>> (rw,allow_other,max_read=131072)
>>
>>
>> Andreas
>> --
>> Andreas Gaiser, Berlin, Germany
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] sysvolreset failing on glusterfs

2013-03-03 Thread Andreas Gaiser/L 
Hi,


I'm trying to setup a domain with two DCs based on 4.0.3. Following some
hint, I wanna use glusterfs for the sysvol. Glusterfs it runs nicely. I
can set acls on both machines using setfacl and the other one lists them
almost immediately with getfacl.

But running "samba-tool ntacl sysvolreset is failing badly giving the
following error.

In a later attempt, without significant changes I remember, the script
more or less seemed to work and created indeed ACEs, but still came up
with this error after some minutes.

root@dc1:~# samba-tool ntacl sysvolreset
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_NOT_SUPPORTED.
ERROR(runtime): uncaught exception - (-1073741637,
'NT_STATUS_NOT_SUPPORTED')
  File
"/opt/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line
175, in _run
return self.run(*args, **kwargs)
  File "/opt/samba/lib/python2.6/site-packages/samba/netcmd/ntacl.py",
line 214, in run
lp, use_ntvfs=use_ntvfs)
  File
"/opt/samba/lib/python2.6/site-packages/samba/provision/__init__.py",
line 1563, in setsysvolacl
setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs,
skip_invalid_chown=True, passdb=s4_passdb)
  File "/opt/samba/lib/python2.6/site-packages/samba/ntacls.py", line
154, in setntacl
smbd.set_nt_acl(file, security.SECINFO_OWNER |
security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd)

Running mount is showing the target fs without ACLs, although they do
work, as said before, and although I do have mounted the fs using -o
acl,rw. The underlying ext3 fs is of cause running with acls enabled,
too. This is what mount looks like for the involved fs's:

fusectl on /sys/fs/fuse/connections type fusectl (rw)
/dev/xvda3 on /var/glusterfs/brick1 type ext3 (rw,acl,user_xattr)
localhost:/dc-vol on /export/dc-vol type fuse.glusterfs
(rw,allow_other,max_read=131072)


Andreas
-- 
Andreas Gaiser, Berlin, Germany
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba